practical risk management
 
 

Seven steps to managing IT Risk

2008-07-21 21:34:00 by Ryan Shopp in practical risk management
 
...information Conduct periodic risk assessments to determine changes in the operations risk profile and assess control performance. Great advice. These seven steps are precisely what IT-GRC solutions should help an Enterprise accomplish. They provide the construct (aka think configuration wizard) for establishing and maintaining a quality risk...
 
 
 
 
 

So now everyone is an IT GRC vendor

2008-06-01 21:35:00 by Ryan Shopp in practical risk management
 
...Information Technology Governance, Risk & Compliance) is a term that started gaining momentum about a year ago. At that time Gartner, Forrester, EMA and other research analyst firms started using it to describe exactly what Securityworks does. Next thing you know customers are achieving tangible results from these solutions and the press...
 
 
 
 
 

Evolution of IT Security to Risk; driving IT GRC acceptance?

2008-04-24 21:32:00 by Ryan Shopp in practical risk management
 
...security products. You still need your COBIT, ISO, ITIL and other best practice processes. And of course, you still need the people who should know the overall business goals and priorities and then apply their expertise on how IT can help achieve those goals. GRC as mentioned before is the organization collaboration construct that can...
 
 
 
 
 

Circumventing Enterprise Security Policies

2008-04-08 18:41:00 by Ryan Shopp in practical risk management
 
...Security Department policies. This, of course, as we know, exposes the company to IT GRC concerns (Governance, Risk & Compliance). A couple hard numbers that jumped out at me: 80 percent of the enterprises are supporting proxy applications, such as KProxy or CGI proxies, which mask the user's identity and surfing habits from IT monitoring tools...
 
 
 
 
 

Nice GRC write-up and how it relates to log management initiatives

2008-03-24 13:34:00 by Ryan Shopp in practical risk management
 
...security and prevention management. The article, as expected, has a major slant toward Log Management, but it is a very good summary that also highlights other key capabilities / areas important to GRC. Even though most security vendors are marketing IT Risk Management, many customers are beginning to realize there is this new breed of...
 
 
 
 
 

IT GRC is the next evolution for the Enterprise Security Organization

2008-03-17 15:35:00 by Ryan Shopp in practical risk management
 
...Security organizations money through automation today! There is no reason a Fortune 500 company should be spending this much of their IT budget on IT-GRC when these products today significantly reduce the amount of manual labor (consultants) performing these governance, risk & compliance duties
 
 
 
 
 

Great tutorial on Information Security Program Metrics

2008-03-10 13:37:00 by Ryan Shopp in practical risk management
 
...Security Slide 15 nails what are the questions security programs should answer on the head: How secure am I? Am I better off than this time last year? Am I spending the right amount of money? How do I compare to my peers? What risk transfer options do I have? Slide 36 has a great quote on "Risk Management The essence of risk management lies in...
 
 
 
 
 

Going beyond technical security controls

2008-03-03 13:51:00 by Ryan Shopp in practical risk management
 
...Security Policy," that hits the 5 basics that so many busy executives look past when leading a security organization: 1. Not having a policy; 2. Not updating the policy; 3. Not tracking compliance with the policy; 4. Having a "tech only" policy; 5. Having a large, unwieldy policy. One of the biggest we see every day is #4. Most enterprises have some policy in...
 
 
 
 
 

Top 3 conclusions about IT Risk Management we like hearing

2008-02-25 14:28:00 by Ryan Shopp in practical risk management
 
...Security.com Here are the conclusions that grabbed our eye: Businesses would be far better served if they viewed security as an IT risk management element that can be addressed alongside other critical elements, such as availability, performance and compliance. Technology alone can't mitigate IT risk. While technology plays a critical role in...